Will this create any security exploit?

I have a MongoDB collection "users" in which I want to add a new field "wallet_amount" when a user adds money to their wallet. Right now, at the time of user registration, I'm trying to insert a document like this:

db.users.insert( { email: "test@test.com", wallet_amount: 0 } )

Is this the correct way of doing this, or are there chances this will create some security exploits since I'm passing a wallet_amount default value of 0? Or should wallet_amount be inserted only at the time when the user adds money to the wallet?

In theory there are no security implications as to whether you set the initial amount on user creation or at a later stage.

However, what you face as a more general security concern is that every time you have any query against the users table, you need to triple check it to make sure there is no way it can alter the wallet_amount incorrectly. Any developer who is coding against this table is touching potentially very sensitive data.

To mitigate against this, if you are dealing with a sensitive field like this:

  1. Actually store the wallet amount in a separate table or database
  2. Have a very limited set of APIs to adjust the wallet amount, test them extensively and only ever use those APIs when working with the wallet amount

This means you decouple the sensitive data from your user table, which lets you isolate the part of your domain that needs extra care and attention.

If you want to take this a step further, consider not storing a wallet amount at all. A common approach for very secure financial systems is to actually store a ledger, which is an immutable record of every transaction. In your case it might look like:

  1. Day 1: I add $100 to my wallet
  2. Day 2: I spend $10
  3. Day 3: I spend $13

etc. You can then actually set up your database so you never mutate any data, only ever add more lines to the ledger. A cache can be used to keep track of the current balances, but this can always be recreated by running over the ledger items. This might be overkill for your scenario, but it can provide an extra layer of protection, because you essentially forbid anyone from arbitrarily changing what is in the wallet; they can only add transactions (which makes it easier to spot suspicious behaviour or patterns, and to trace where money moves).
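The "limited API plus append-only ledger" design the answer describes, as an added example that is not part of the original post or answer: an in-memory ledger whose only entry points are `deposit` and `spend`, with the balance derived by replaying entries and a cache that can be checked against that replay. The function names, the integer-cents convention and the in-memory storage are my assumptions; a real deployment would persist each entry as an insert-only document.

```javascript
// Added example (not from the original post): an append-only wallet ledger
// behind a deliberately small API, kept in memory so it runs offline.
// Amounts are integer cents so money never hits floating-point rounding.

function createLedger() {
  // entries is the only record of truth; cachedBalance is a rebuildable cache.
  return { entries: [], cachedBalance: 0 };
}

// Replay every entry to derive the balance; this is the authoritative value.
function balanceFromLedger(ledger) {
  return ledger.entries.reduce((sum, e) => sum + e.amountCents, 0);
}

// Internal: append one immutable entry. Nothing ever edits or deletes one.
function append(ledger, userId, amountCents, kind) {
  if (!Number.isInteger(amountCents) || amountCents === 0) {
    throw new Error("amount must be a non-zero integer number of cents");
  }
  const entry = Object.freeze({
    seq: ledger.entries.length + 1, // monotonic sequence number, never reused
    userId,
    kind,
    amountCents,
    at: new Date().toISOString(),
  });
  ledger.entries.push(entry);
  ledger.cachedBalance += amountCents; // keep the cache in step with the ledger
  return entry;
}

// The two permitted operations; callers never touch entries directly.
function deposit(ledger, userId, amountCents) {
  if (amountCents <= 0) throw new Error("deposit must be positive");
  return append(ledger, userId, amountCents, "deposit");
}

function spend(ledger, userId, amountCents) {
  if (amountCents <= 0) throw new Error("spend must be positive");
  if (balanceFromLedger(ledger) < amountCents) {
    throw new Error("insufficient funds"); // overdraft is refused, not recorded
  }
  return append(ledger, userId, -amountCents, "spend");
}

// Detect a stale or tampered cache by replaying the ledger.
function cacheIsConsistent(ledger) {
  return ledger.cachedBalance === balanceFromLedger(ledger);
}
```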
